Package: x2goclient Severity: important Version: 3.99.3.0-prerelease Hi Alex, The current implementation of the http session broker code in X2Go Client has a task called setpass. From reading the code of the example session broker you sent me some weeks ago and from looking at the X2Go Client code in httpbrokerclient.cpp you do not request the user to enter his old password before changing it to a new password. From my perspective this is a no-go feature and it should be changed to something that also PAM and other passwd tools would do. Request the old passwd, set the new password (twice on the GUI). Even if there is an authentication happening prior to changing the password, the old password should be queried again, before a password change is possible. With x2gobroker in Git, I I would like to work in this direction and we will need an adaptation in X2Go Client sooner or later, I guess. Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, rothenstein 5, 24214 neudorf-bornstein fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb